I would echo the prevailing sentiment here, that ultimately you must trust something. You can certainly store encrypted files on the server. (There are probably more advantages to that, than “encrypting on the fly.”) Perhaps a public-key encryption scheme could be used for processing the content at the user end.